bind-9.11.4-16.P2.6.0.1.el7.AXS7
エラータID: AXSA:2020-120:04
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
* bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)
* bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-8616
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.
CVE-2020-8617
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
Update packages.
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
N/A
SRPMS
- bind-9.11.4-16.P2.6.0.1.el7.AXS7.src.rpm
MD5: 8a6e4ce483fe7c2a23f77d4d3f456e56
SHA-256: 0bef5226ed1e2d37c32ea655f01979a4e392e87de30de750f81ca84e7f8ac7a6
Size: 9.35 MB
Asianux Server 7 for x86_64
- bind-9.11.4-16.P2.6.0.1.el7.AXS7.x86_64.rpm
MD5: d31d8d178e152387d798ea66c2ef9b34
SHA-256: 2b283637a57e5a944deeb355042ecd9f27128c75eae3789f45cc86e1abe41e1b
Size: 2.32 MB - bind-chroot-9.11.4-16.P2.6.0.1.el7.AXS7.x86_64.rpm
MD5: 450ca0aefc74b9db15572e1795761d12
SHA-256: b37a285fdf51eacfdd0039eaa877fc72594dee8b86717a01f14240d31281769f
Size: 90.52 kB - bind-export-devel-9.11.4-16.P2.6.0.1.el7.AXS7.x86_64.rpm
MD5: 113ab4333b8b3da62023e301eb513898
SHA-256: be3ce1dada6b3b129829ad827c15326a3d7b33ca730b5fc477f30cda06e98c9f
Size: 387.03 kB - bind-export-libs-9.11.4-16.P2.6.0.1.el7.AXS7.x86_64.rpm
MD5: 657ff25d9018178f6e216af72fd1f620
SHA-256: 845f31db341582c85952686b80e7fc0eed8a172a548b1ffbbb1d8c10c73fee49
Size: 1.09 MB - bind-libs-9.11.4-16.P2.6.0.1.el7.AXS7.x86_64.rpm
MD5: 50d87b5967a7fb6cecd2803ddcc647ab
SHA-256: 9e59fc6ec6b5989ab28f24755e2e68932ef80d8b860259dcb9d93ebc53daa691
Size: 154.98 kB - bind-libs-lite-9.11.4-16.P2.6.0.1.el7.AXS7.x86_64.rpm
MD5: 17f4e2572bdd45e45e88629024c89266
SHA-256: c76d43a96b737b69ec638edf1e949c3a4ca4808d43b666901ced150e160c41f1
Size: 1.12 MB - bind-license-9.11.4-16.P2.6.0.1.el7.AXS7.noarch.rpm
MD5: 12d904f2446e0d3ad0dfed1ec46a8b6e
SHA-256: 8c66f3f5cd8efd15fbd883386bcf84aa829366d88db2cda70933d313bde975e2
Size: 88.75 kB - bind-pkcs11-9.11.4-16.P2.6.0.1.el7.AXS7.x86_64.rpm
MD5: 402a8a587aaa188ddc2727806790e885
SHA-256: 0a2868632f6d9d27895874b95e6a7c63bdd1644c80f6a3c14039764b9ec77f59
Size: 359.95 kB - bind-pkcs11-libs-9.11.4-16.P2.6.0.1.el7.AXS7.x86_64.rpm
MD5: e91573d7924418bcfaf1c8645640fb2f
SHA-256: 020ccfb807f78de5f8465c58cbe58c713dc97546fb09a8817333dca0040c4bde
Size: 1.07 MB - bind-pkcs11-utils-9.11.4-16.P2.6.0.1.el7.AXS7.x86_64.rpm
MD5: 37acec0f68074789f997a001525ab4ea
SHA-256: c381e042d239015f2689605abf16b7d079b9d960ee9216e05a0c20e0cb740e7e
Size: 207.17 kB - bind-utils-9.11.4-16.P2.6.0.1.el7.AXS7.x86_64.rpm
MD5: efcf12fad8446f92b4cbc4de5cb49ba1
SHA-256: 1ef169492cdbba77705d106c380d7cfc3de4143b213c7386cedd23f2fa2ab798
Size: 258.52 kB - bind-libs-9.11.4-16.P2.6.0.1.el7.AXS7.i686.rpm
MD5: 29283a5632c9b4672834b696bcdaf123
SHA-256: 9fc3ea6429ed1ac000acaf763ed8d0a97a1ab898d5ecf5d57dc1a048f34910cc
Size: 154.23 kB - bind-libs-lite-9.11.4-16.P2.6.0.1.el7.AXS7.i686.rpm
MD5: c43ba6a920704cdadb169a2a5f781164
SHA-256: ed5fa71358eeeef7e78f81983fe7237e8baacff91dee3790ddd578b1f664cc0a
Size: 1.10 MB - bind-pkcs11-libs-9.11.4-16.P2.6.0.1.el7.AXS7.i686.rpm
MD5: c9a86e53265a2b9f02fb8aa928711cf8
SHA-256: c914bbb929127b61f2d34d6cbfb338656f7949b13c568eb60021fa858c02cb3b
Size: 1.05 MB